﻿using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebApplication1
{
    /// <summary>
    /// Code-behind for the login form. The button handler looks the submitted
    /// name/password pair up in StudentInfo, and on a match stores the name in
    /// session state and moves the user to WebForm3.aspx.
    /// </summary>
    public partial class WebForm1 : System.Web.UI.Page
    {
        // Data-access wrapper; only its Get(sql, parameters) -> DataTable call is used here.
        private readonly SqlHelper _sqlHelper = new SqlHelper();

        // Session key under which the logged-in user's name is kept for later pages.
        private const string CurrentUserKey = "CurrentUserName";

        /// <summary>
        /// Page load handler. Nothing happens here; kept for the AutoEventWireup binding.
        /// ADO.NET reminders: ExecuteNonQuery for insert/update/delete, ExecuteReader for
        /// row sets, ExecuteScalar for the first column of the first row, and
        /// SqlDataAdapter.Fill(DataSet) for the disconnected model that does not hold
        /// the connection open while data is used.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Login button handler: validates the credentials from TextBox1/TextBox2 and
        /// either starts the logged-in session or shows an error in Literal1.
        /// </summary>
        protected void Button1_Click(object sender, EventArgs e)
        {
            string userName = TextBox1.Text;
            string password = TextBox2.Text;

            if (!CredentialsMatch(userName, password))
            {
                // One message for both "unknown user" and "wrong password", so the page
                // does not reveal which account names exist.
                Literal1.Text = "用户名或密码错误！";
                return;
            }

            // NOTE(review): the session id is not regenerated here; an id issued before
            // login stays valid after it — confirm whether that is acceptable for this app.
            Session[CurrentUserKey] = userName;

            // Redirect(url) ends the current response, so nothing after it runs.
            Response.Redirect("WebForm3.aspx");
        }

        /// <summary>
        /// Returns true when StudentInfo holds at least one row whose stu_name and
        /// password columns equal the submitted values.
        /// </summary>
        /// <param name="userName">Value compared against stu_name.</param>
        /// <param name="password">Value compared against the password column.</param>
        private bool CredentialsMatch(string userName, string password)
        {
            // Both values travel as SqlParameters and are never concatenated into the
            // statement text, which is what keeps this lookup safe from SQL injection.
            const string sql = "select * from StudentInfo where stu_name=@name and password=@pwd";
            SqlParameter[] parameters =
            {
                new SqlParameter("@name", userName),
                new SqlParameter("@pwd", password)
            };

            // NOTE(review): the password comparison is done by SQL against the stored
            // column; that only works if the column holds the raw password. Storing a
            // salted slow hash (PBKDF2 or similar) and comparing in code is the expected
            // design — confirm the schema.
            // NOTE(review): whether the match is case-sensitive depends on the column
            // collation, not on this code.
            DataTable matches = _sqlHelper.Get(sql, parameters);
            return matches.Rows.Count > 0;
        }
    }
}